Our client is looking for an inquisitive and resourceful AVP, Cybersecurity Risk and Governance, who will be responsible for leading all aspects of the cybersecurity risk and governance functions. As the leader of the cybersecurity risk and governance function reporting to the CISO, you will embrace the vision and development of the strategic cyber risk and governance roadmap, which is in your efficient hands. You will ensure that cyber risk is managed appropriately and within the tolerance defined by the organization. At the same time, you will continue to ensure the day-to-day running of current cybersecurity risk, governance and advisory functions while refining and maturing their operation. Lastly, your ability to take on new tasks outside of the Cyber Risk and Governance areas will ensure that you assist the CISO with key priorities while also expanding your knowledge in a balanced manner and growing your career. Key partners and collaborators will include the CIO, CISO, Legal, 2nd Line, Privacy, business units, and the rest of the IT Senior Leadership team.
You are forward-thinking, collaborative, embrace learning/new technology and are comfortable in a fast-paced environment.
- Proficiently lead and manage a team of Cybersecurity Risk and Governance professionals working towards the efficient operation and continued maturation of existing cybersecurity risk and governance processes.
- Develop and craft the overall cybersecurity risk and governance vision as the most senior cybersecurity risk and governance subject matter expert within the organization.
- Align cybersecurity program to the NIST Cybersecurity Framework proficiently. Lead periodic self-assessments against the framework along with independent third party assessments.
- Enhance and improve Cybersecurity Risk Assessment Process. Ensure that cybersecurity risks are managed collaboratively with the business and decisions are made on a balanced risk-prioritized basis.
- Build and develop a Third Party Cybersecurity Risk Management Process to continuously assess third parties from a cybersecurity perspective and manage third-party cyber risk.
- Develop, improve, contribute to and enhance the Security Awareness Training and Phish Test program. Introduce and encourage automation and enhanced reporting to increase efficiency of delivery and interpretation of results.
- Identify gaps in existing processes and solutions, then build and develop remediation plans to address such gaps with the development/re-design of processes or deployment of solutions (e.g. tooling, automation, overhaul).
- Develop, build and refine service metrics, KPIs and KRIs for cybersecurity risk and governance functions.
- Participate in and grow in other non-risk/governance facets of cybersecurity (Identity and Access Management, Security Operations, Cybersecurity Delivery) to assist the CISO in supervising a diverse cybersecurity department responsible for running cybersecurity risk.
- Adopt and deliver using agile-based SDLC.
- Continue personal professional development as a cybersecurity risk and governance subject-matter expert, including industry training, developing interpersonal relationships with peers in industry, attending conferences, and self-study.
- Train, coach, and mentor a growing cybersecurity risk and governance team to efficiently support the requirements and to develop and build the careers of your teams to lead them to bigger and better things.

Qualifications
- Minimum 10 years Cybersecurity/Information Security experience including 7 years in a management role.
- Preference for a University degree in Computer Engineering/Science or Cybersecurity.
- Outstanding experience managing or being responsible for a Security Advisory/Assessment team including mentoring, along with previous experience performing cybersecurity risk assessments and risk management activities.
- Experience utilizing the NIST Cybersecurity Framework to lead an organization’s cybersecurity program.
- Hands-on experience managing Security Awareness and Phish Test campaigns proficiently.
- Extensive utilization/experience with Governance, Risk and Compliance (GRC) tools preferred.
- Excellent verbal and written communication, interpersonal and collaborative skills, and ability to communicate technical concepts to non-technical audiences in a positive manner.
- Strong relationship management skills. Ability to understand various partner objectives while driving towards an outcome that appropriately manages cybersecurity risk.
- Multi-tasking on multiple projects and tasks with contending priorities in a fast-paced environment.
- Resourceful, sees the benefits of automation and has experience in efficiently automating repetitive work that lends itself to being automated.
- Experience with cloud environments preferred (AWS, Azure).
- Outstanding delivery and problem solving skills - the ability to take a problem from start to finish and drive towards the desired outcome.
- An interest in professional development and in embracing digital/cybersecurity: the resolve and ability to learn and upskill as required to keep pace with the current cyber threat landscape.
Demand For HR is an equal opportunity Recruiting Firm. We do not discriminate against gender, race, persons with disabilities or ethnic background. We thank all applicants for your interest in the roles Demand For HR is recruiting for.